1. Field of the Invention
The present invention relates to an authentication method between an Optical Line Terminal (OLT) and an Optical Network Unit (ONU) newly connected thereto in an Ethernet Passive Optical Network (EPON), and more particularly to an authentication method for link protection in the EPON, which can be applied to a data link layer and can support link protection.
2. Description of the Related Art
When a new device attempts to connect, via a connection point, to a network that implements security measures, the device is authenticated at that connection point. In order to maintain the security of the network, the authenticity of every device newly connecting to the network must be checked. The authentication determines whether or not the device is an authorized entity. Once authentication has succeeded, cryptography is applied to the link between the network connection point and the device on the basis of the authentication information, and only then is the connection of the device to the secure network completed so that the device can begin communicating via the network.
The authentication is typically performed via an authentication server in the network. The device attempting to connect to the network authenticates itself to the authentication server using one of several authentication protocols. These protocols are typically based on password-based identification, a challenge and response technique, or a zero-knowledge proof.
Among these methods, the password-based method is the most commonly used. The device submits an ID and a password, and the authentication server checks whether they match the ID and password stored in the server in order to decide whether the device may access the resources it requests. The password is secret information, typically 6 to 8 bytes long, agreed between the device and the authentication server. It must be generated so that it is not easy for an attacker to find, and it should be changed periodically. Typically the password is not transmitted in the clear but as a hash value computed with a known hash function. One example of the password-based method uses one-time passwords, in which the password changes on every authentication. The device chooses an initial secret value $x_0$ and computes the chain $x_i = h(x_{i-1})$ for $i = 1, \dots, n$ using a known one-way hash function $h$, and the server initially holds the last value $x_n$. At the next authentication the device transmits $x_{n-1}$ as its password; the server hashes the received value and accepts the device if $h(x_{n-1})$ equals the value stored under the device's ID, then replaces the stored value with $x_{n-1}$, so that the following authentication uses $x_{n-2}$.
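The hash-chain one-time password scheme just described, as an added example that is not part of the original text: SHA-256 is assumed as the one-way function $h$, the device identifier, seed and chain length are constructed values, and the server stores only the most recently accepted chain value per device. The demo also shows what the paragraph leaves implicit: a captured password is useless after the server has moved one step down the chain.

```python
"""Lamport-style one-time passwords from a hash chain (added example)."""
import hashlib
import hmac


def h(x: bytes) -> bytes:
    """The public one-way hash function h; SHA-256 is assumed here."""
    return hashlib.sha256(x).digest()


class ChainDevice:
    """Holds the secret seed x_0 and walks the chain backwards, one value per login."""

    def __init__(self, device_id: str, x0: bytes, n: int):
        self.device_id = device_id
        self.n = n
        chain = [x0]                      # chain[i] == x_i == h(x_{i-1})
        for _ in range(n):
            chain.append(h(chain[-1]))
        self._chain = chain
        self._next = n - 1                # first password sent is x_{n-1}

    def registration_value(self) -> bytes:
        """x_n, handed to the server once at enrolment; it reveals nothing about x_0."""
        return self._chain[self.n]

    def next_password(self) -> bytes:
        if self._next < 0:
            raise RuntimeError("hash chain exhausted; enrol again with a fresh x_0")
        pw = self._chain[self._next]
        self._next -= 1
        return pw


class ChainServer:
    """Stores only the last accepted chain value per device ID."""

    def __init__(self):
        self._last: dict[str, bytes] = {}

    def register(self, device_id: str, x_n: bytes) -> None:
        self._last[device_id] = x_n

    def authenticate(self, device_id: str, candidate: bytes) -> bool:
        expected = self._last.get(device_id)
        if expected is None:
            return False
        # The presented value must hash to the stored one: h(x_{i-1}) == x_i.
        if not hmac.compare_digest(h(candidate), expected):
            return False
        self._last[device_id] = candidate   # move the stored value one step down the chain
        return True


def run_demo(n: int = 4) -> tuple[bool, bool, bool, bool]:
    """Constructed scenario: fixed seed, an honest login, a replay, a second login, a stale value."""
    device = ChainDevice("onu-7", x0=b"\x01" * 32, n=n)   # constructed seed, not a real secret
    server = ChainServer()
    server.register(device.device_id, device.registration_value())

    p1 = device.next_password()                       # x_{n-1}
    first_ok = server.authenticate("onu-7", p1)
    replay_ok = server.authenticate("onu-7", p1)      # eavesdropper replaying x_{n-1}
    p2 = device.next_password()                       # x_{n-2}
    second_ok = server.authenticate("onu-7", p2)
    stale_ok = server.authenticate("onu-7", p1)       # old value after the chain has moved on
    return first_ok, replay_ok, second_ok, stale_ok
```

Because the server only ever learns $x_{n-1}, x_{n-2}, \dots$ and never $x_0$, a compromise of the server's database does not let an attacker impersonate the device; the chain has to be re-seeded once $x_0$ itself has been sent.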
In the challenge and response technique a device proves to the server that it holds a secret shared with the server, without sending the secret itself. The server generates a random value and sends it to the device as a challenge message; the device encrypts the challenge with the shared key and returns the result, together with its identification data, to the server. The server uses the received identification data to look up the challenge it sent to that device, encrypts that challenge with the same shared key, and compares the result with the value received from the device; if the two match, the device is authenticated.
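The exchange above, as an added example (not code from the original text). The paragraph describes encrypting the challenge with the shared key; this example realises that step with a keyed MAC (HMAC-SHA256), which is the usual way to do it in practice, and it additionally binds the device ID into the MAC input. The device IDs and 32-byte keys are constructed values. The server consumes each challenge when it is answered, so a captured response cannot be replayed.

```python
"""Challenge-response with a shared key (added example, not from the page)."""
import hashlib
import hmac
import secrets


def device_response(key: bytes, device_id: str, challenge: bytes) -> bytes:
    """The device's answer: a keyed MAC over its ID and the server's challenge.

    A MAC stands in for the 'encrypt the challenge' step of the text (assumption).
    Including the device ID stops a response from being presented under another identity.
    """
    return hmac.new(key, device_id.encode() + challenge, hashlib.sha256).digest()


class ChallengeServer:
    def __init__(self, shared_keys: dict[str, bytes]):
        self._keys = dict(shared_keys)
        self._pending: dict[str, bytes] = {}   # device_id -> outstanding challenge

    def issue_challenge(self, device_id: str) -> bytes:
        c = secrets.token_bytes(16)            # fresh random value per attempt
        self._pending[device_id] = c
        return c

    def verify(self, device_id: str, response: bytes) -> bool:
        # Look up the challenge by ID and consume it: each challenge is answerable once.
        challenge = self._pending.pop(device_id, None)
        key = self._keys.get(device_id)
        if challenge is None or key is None:
            return False
        expected = device_response(key, device_id, challenge)
        return hmac.compare_digest(expected, response)


def run_demo() -> tuple[bool, bool, bool, bool]:
    """Constructed keys and IDs; returns (honest, replay, wrong_key, unknown_device)."""
    k_a = b"A" * 32     # constructed shared secrets, not real keys
    k_b = b"B" * 32
    server = ChallengeServer({"onu-1": k_a, "onu-2": k_b})

    c = server.issue_challenge("onu-1")
    honest = server.verify("onu-1", device_response(k_a, "onu-1", c))
    replay = server.verify("onu-1", device_response(k_a, "onu-1", c))   # challenge already consumed

    c = server.issue_challenge("onu-1")
    wrong_key = server.verify("onu-1", device_response(k_b, "onu-1", c))  # holder of the wrong key

    unknown = server.verify("onu-9", b"\x00" * 32)                        # no key registered
    return honest, replay, wrong_key, unknown
```

The comparison uses hmac.compare_digest rather than ==, so the time taken to reject a response does not leak how many leading bytes were correct.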
Finally, the zero-knowledge proof technique is a method in which a device convinces the server that it holds its secret information without revealing anything about that secret. It is based on an interactive proof in which the device and the server exchange a number of challenge and response messages that generally depend on random numbers. For example, the authentication server initially selects $n = pq$ where $p$ and $q$ are prime numbers, keeps $p$ and $q$ secret and publishes $n$. The device selects a secret number $s$ relatively prime to $n$, computes $v = s^2 \bmod n$, and registers $v$ with the server as its public key. To authenticate, the device selects a random number $r$, computes $x = r^2 \bmod n$, and sends $x$ to the server. The server selects a random bit $e \in \{0, 1\}$ and sends it to the device. The device replies with $y = r \cdot s^e \bmod n$. The server then checks whether $y^2 \equiv x \cdot v^e \pmod n$; it accepts the connection of the device if the congruence holds and rejects it otherwise. A prover that does not know $s$ can pass a single round with probability 1/2 by guessing $e$ in advance, so the exchange is repeated for several rounds until the chance of cheating is acceptably small.
As described above, most conventional authentication technologies require an authentication server, and therefore also require techniques for communicating with and managing that server. This means that the conventional authentication technologies add cost to the implementation of a network.
Because the conventional techniques require communication between the authentication server and the device, authentication is carried out at the network layer, whereas the cryptography that protects the link is applied at the data link layer. This difference in layers causes no problem if the device requires authentication but not cryptography. In most cases, however, a successful authentication yields a key that is used for cryptography and must be delivered to the data link layer. The authentication module of a conventional method must therefore handle both data-link-layer frames and network-layer frames, since an interface between the two layers is needed. This makes both the communication protocol and the control technique highly complex.
In addition, the conventional authentication methods are one-way: only the device newly connected to the network connection point is authenticated, so the authentication process has an asymmetric structure. A device that has just been authenticated may therefore need to implement a second, separate process in order to authenticate the next device that connects to the network through it. This wastes resources, and it forces the key distribution technique that a device needs in order to use cryptography to be asymmetric as well, so that the one-way character is carried over into key updating and the flexibility of the key management technique is reduced.